PHISHGUARD: A Hybrid GCN-BERT Framework for Context-Aware Social Media Phishing Detection Aligned with MITRE ATT&CK
Keywords:
social media phishing, graph convolutional networks, BERT, MITRE ATT&CK, hybrid intelligence, adversarial detection
Abstract
Social media phishing attacks have increased by 72 % globally since 2023, driven by AI-generated lures and coordinated cross-platform campaigns. Traditional detectors based solely on natural language processing or static rules suffer from high false positives and delayed responses. This paper presents PHISHGUARD, a hybrid framework combining graph convolutional networks for user-interaction topology analysis, a fine-tuned BERT model for contextual semantics, and automated MITRE ATT&CK T1598.003 mapping for threat-intelligence alignment. Evaluated on an open-source corpus of 15 000 annotated messages from Twitter/X, Facebook, and Instagram, PHISHGUARD achieves 96.2 % precision, 94.7 % recall, and a 95.4 % F1-score, reducing false positives by 75 % compared to a BERT-only baseline. Ablation studies confirm that both the GCN–BERT fusion layer and threat-context module contribute significantly to performance. The system sustains robust zero-day detection, cuts analyst investigation time by 55 %, and scales to networks of over 10 million users. By unifying semantic, behavioral, and threat-context analysis in an IEEE-aligned structure, PHISHGUARD offers a proactive defense against evolving social-engineering tactics.











